Google strengthens Chrome’s site isolation to protect browser against its own vulnerabilities
Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser’s Blink rendering engine.
Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Łukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. “Site Isolation in Chrome 77 now helps defend against significantly stronger attacks,” the two said. “Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors.”
As the label implies, Chrome’s site isolation limits each Blink rendering engine process to documents from a single website, thus isolating everything in a rendered site from other sites. The idea is that if a malicious website exploits a vulnerability, the hackers controlling the attack site won’t be able to access any data outside of their own criminal website, such as extremely valuable corporate data.
When Google fully implemented site isolation in mid-2018 (a year after it debuted) with Chrome 67, the technology’s primary purpose was to defend against the Spectre-style attacks envisioned when in-chip vulnerabilities were revealed earlier that year.
That’s now changed.
“Suppose an attacker discovered and exploited a memory corruption bug in Chrome’s rendering engine, Blink,” Moshchuk and Anforowicz said. “The bug might allow them to run arbitrary native code within the sandboxed renderer process, no longer constrained by the security checks in Blink. However, Chrome’s browser process knows what site the renderer process is dedicated to, so it can restrict which cookies, passwords, and site data the entire process is allowed to receive. This makes it far more difficult for attackers to steal cross-site data.”
For example, when site isolation of the renderer is activated, cookies and passwords can only be accessed by those…
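To make the mechanism the engineers describe concrete, here is an added model (not Chrome code) of the browser-process side of the check: the renderer is locked to one site when it is created, and every later request for site data is judged against that lock, not against anything the renderer claims. The “site” computation is a simplification that approximates the registrable domain with the last two host labels; Chrome uses the Public Suffix List instead.

```python
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit


def site_for_url(url: str) -> str:
    """The 'site' (scheme + registrable domain) a URL belongs to.
    ASSUMPTION: last two host labels approximate the Public Suffix List."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    registrable = ".".join(labels[-2:]) if len(labels) >= 2 else host
    return f"{parts.scheme}://{registrable}"


@dataclass(frozen=True)
class RendererProcess:
    """A renderer the browser process has locked to exactly one site."""
    pid: int
    locked_site: str


class BrowserProcess:
    """Privileged side holding site data; checks use only the lock it assigned."""

    def __init__(self) -> None:
        self._cookies: Dict[str, str] = {}  # origin -> cookie header

    def set_cookie(self, url: str, cookie: str) -> None:
        p = urlsplit(url)
        self._cookies[f"{p.scheme}://{p.hostname}"] = cookie

    def cookies_for(self, renderer: RendererProcess, url: str) -> Optional[str]:
        """None = denied (cross-site from a possibly compromised renderer); '' = same-site, no cookies."""
        if site_for_url(url) != renderer.locked_site:
            return None
        p = urlsplit(url)
        return self._cookies.get(f"{p.scheme}://{p.hostname}", "")


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: a renderer locked to https://untrusted.example asks for site data."""
    browser = BrowserProcess()
    browser.set_cookie("https://bank.example", "session=SECRET")  # constructed sample
    browser.set_cookie("https://untrusted.example", "theme=dark")  # constructed sample
    rp = RendererProcess(pid=4242, locked_site=site_for_url("https://untrusted.example/page"))
    return {
        "own_site": browser.cookies_for(rp, "https://untrusted.example/"),
        "own_subdomain": browser.cookies_for(rp, "https://cdn.untrusted.example/"),
        "cross_site": browser.cookies_for(rp, "https://bank.example/account"),
        "scheme_mismatch": browser.cookies_for(rp, "http://untrusted.example/"),
    }
```

Only the same-site requests ever see cookie data; a subdomain of the locked site is same-site but gets an empty result because no cookies exist for that origin, while the cross-site and scheme-mismatch requests are refused outright.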